Skip to content

Commit

Permalink
fix(frontend): Fix lost properties like note when converting task lis…
Browse files Browse the repository at this point in the history
…t to markdown and back (#437)

Also protected against prototype pollution.
  • Loading branch information
Clashsoft authored Nov 14, 2024
1 parent 1727bcf commit 057863b
Showing 1 changed file with 3 additions and 3 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -21,12 +21,12 @@ export class TaskMarkdownService {
continue;
}

const {prefix, description, points, _id, glob} = extractTaskItem(match);
// exclude __proto__ from rest to avoid prototype pollution
const {prefix, points, _id, __proto__, ...rest} = extractTaskItem(match);
const task: Task = {
...rest,
_id: _id || this.taskService.generateID(),
points: +points,
description,
glob,
children: [],
collapsed: true,
};
Expand Down

0 comments on commit 057863b

Please sign in to comment.